Samsung data breach steals 270,000 customer records

On 30 March 2025, tech giant Samsung was the victim of a customer data breach. Among the leaked , personal information such as names, postal and email addresses have been identified, as well as transaction information, order numbers, tracking URLs, support interactions and communication between customers and Samsung.

The author, GHNA, has published approximately 270,000 customer records allegedly stolen from Samsung Germany's support ticket system. GHNA accessed the infrastructure of this Samsung system using credentials stolen from an employee in 2021, after being infected with the Racoon infostealer. The stolen account belonged to Samsung's Spectos GmbH service, which is used to monitor and improve the quality of the support service.

Since 2021, the login information and credentials of this account were not updated. It was this security flaw that caused 270,000 customer records to be dumped on the Internet recently. In this way, the leaked data could be used as part of several types of attacks, including targeted phishing of specific customers, account takeovers through customer service spoofing, or fraud such as false warranty claims.